Re: Books on .net security
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 9 Feb 2007 11:16:48 -0600
A lot of it depends on what you mean by Windows forms security. The
interaction of .NET apps with the underlying Windows security model (which
is what Keith's book is primarily about) isn't any different and Keith
actually covers a bunch of the new .NET 2.0 features in the book that affect
this stuff.
If you are primarily concerned with things like implementing application
level role-based authorization in your app, a lot of the same rules
governing web apps affect forms apps as well. There are a number of models
for doing this kind of thing such as .NET IPrincipal and AzMan.
One thing that you have consider in forms apps is that they are subject to
hacking/subversion by the local user. Since the local user is often an
admin, they can do all sorts of things to your code or the actual memory of
the app as it executes via a debugger. On web apps or other multi-tier
designs where a remote server enforces security policy, you don't have this
specific threat.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Bill Gower" <billgower@xxxxxxxxxxx> wrote in message
news:eepUQFGTHHA.4844@xxxxxxxxxxxxxxxxxxxxxxx
I was looking at Keith's book on Amazon because I am more concerned at the
Windows Forms security than ASP.Net security but I was a little worried
because it was written prior to the release of .net 2.0. Is that an issue?
Did much change from 1.1 to 2.0 in terms of security for Windows forms?
Bill
"Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uKMj05FTHHA.496@xxxxxxxxxxxxxxxxxxxxxxx
Dominick's book is great for ASP.NET security:
http://www.amazon.com/Developing-More-Secure-Microsoft-Applications-Developer/dp/0735623317/sr=8-1/qid=1171034577/ref=pd_bbs_sr_1/002-7082849-3805619?ie=UTF8&s=books
Keith's book on Windows Security for .NET developers is very useful too:
http://www.amazon.com/Developers-Windows-Security-Microsoft-Development/dp/0321228359/sr=1-1/qid=1171034659/ref=pd_bbs_sr_1/002-7082849-3805619?ie=UTF8&s=books
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Bill Gower" <billgower@xxxxxxxxxxx> wrote in message
news:%23oUANvFTHHA.3592@xxxxxxxxxxxxxxxxxxxxxxx
What is the best book out there right now on .Net Security? I am
looking for something that covers more from the developer angle and is
current.
Bill
.
- References:
- Books on .net security
- From: Bill Gower
- Re: Books on .net security
- From: Joe Kaplan
- Re: Books on .net security
- From: Bill Gower
- Books on .net security
- Prev by Date: Re: Books on .net security
- Next by Date: Client Certificate Selection
- Previous by thread: Re: Books on .net security
- Next by thread: Client Certificate Selection
- Index(es):
Relevant Pages
|
